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Abstract- Secure group communication is a challenging task 
with respect to MANET 's, authentication of mobile nodes, 
group key establishment and rekeying for secure 
information exchange and QoS in data transfer. In this 
paper we authenticate the mobile nodes through transitive 
signature scheme in the routing phase of AODV protocol. 
For a secure group communication we establish a 
collaborative group key with the members participating in 
the route path to the destination. The nodes are dynamic in 
nature, in which any new node can join in the group or 
leave the group. Instead of performing individual Rekeying 
operations, it is performed at a particular time interval. 
Performance of the group communication is compared with 
the existing protocols. The analysis is made with respect to 
the throughput, rekeying time, delay, overhead and 
communication cost. The simulation result shows that our 
protocol enjoys greater advantage over other protocols in 
the literature. 

Index Terms: Ad-hoc Networks, Secure Group 
communications, Routing, Key Generation and Rekeying 

I. Introduction 

A Mobile Ad-hoc NETwork (MANET) is a 
system of wireless mobile nodes that dynamically 
self-organize in arbitrary and temporary network 
topologies. In mobile ad hoc network, nodes can 
directly communicate with all the other nodes 
within their radio frequency range; whereas nodes 
that are not in the direct communication range use 
intermediate node(s) to communicate with each 
other. In these two situations, all the nodes that have 
participated in the communication automatically 
form a wireless network, therefore this kind of 
wireless network can be viewed as mobile ad hoc 
network. These properties make MANET very 
suitable for group communications. 

The routing is a process of identifying the 
path between the two nodes, which is accomplished 
through different protocols such as AODV, DSR 
and DSDV for mobile ad-hoc networks. These 
protocols do not provide the authentication scheme 
for the mobile nodes that participates in the route 
discovery in a group. 

In this section, we introduce the basics of the 
AODV routing protocol. AODV is a simple and 
efficient on-demand ad hoc routing protocol. 
Basically, it uses RREQ (route request), RREP 



(route reply) and RRER (route error) messages to 
accomplish route discovery and maintenance 
operations. It also utilizes sequence numbers to 
prevent routing loops. Routing decision making is 
based on sequence numbers and routes maintained 
in each node's routing table. The routing operations 
of AODV generally consists of two phases namely 
route discovery and route maintenance. Route 
discovery is performed through broadcasting RREQ 
message. Whenever a node needs to send data 
packets to a destination, it first checks if it has an 
existing route in the routing table. If not, the source 
node will initiate a RREQ and broadcast this request 
to all the neighbours. Then neighboring nodes will 
update their routing table according to the received 
message. When RREQ reaches the destination, a 
RREP will be generated by the destination node as a 
response to RREQ. The RREP will be transmitted 
back to the originator of RREQ in order to inform 
the route. If an intermediate node has an active route 
towards destination, it can reply the RREQ with a 
RREP, which is called Gratuitous Route Reply. The 
intermediate node will also send an RREP to 
destination node. The RREP will be sent in reverse 
route of RREQ if a bidirectional link exists. This is 
another way of disrupting topology by creating 
route loops. 

II. Related Works 

A Burmester and Desmedt Protocol [BD] 

Burmester and Desmedt Protocol [1] is an 
extension of the Diffie-Hellman key distribution 
system. 



Kj = (__)■_ . X; "- 1 - Xn n_2 Xj. 2 mod p. 



That is each group user will come up with the 
same secret key k = g rlr2+r2r3+ - ■ +mrl mo d p 5 which is 
the group key shared by all group members. 

In BD scheme, each group member needs to 
perform n+1 exponentiations. It also requires a total 
number of 2n broadcast messages. 
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B Group Diffie-Hellman Key Exchange 



III. Proposed System Model 



Group Diffie-Hellman key exchange [2] is an 
extension of the DH key agreement protocol that 
supports group operations. The DH protocol is used 
for two parties to agree on a common key. 

In this protocol, instead of two entities, the 
group may have n members. The group agrees on a 
pair of primes (q and a) and starts calculating in a 
distributive fashion for the intermediate values. 

The first member calculates the first value 
(a xl ) and passes it to the next member. Each 
subsequent member receives the set of intermediary 
values and raises them using its own secret number 
generating a new set. 

A set generated by the i' member will have ;' 
intermediate values. For example, the fourth 
member receives the set: 

i x2x3 xlx3 xlx2 x 1^:2x3 > 

{a ,a , a ,a } 
and generates the set 

t x2x3x4, xlx3x4, xlx2x4, xlx2x3 xlx2x3x4i 

{a a a a , a } 

The setup time is linear (in terms of n) since 
all members must contribute in generating the group 
key. Therefore, the size of the message increases as 
the sequence reaches the last member and more 
intermediate values are necessary. With that, the 
number of exponential operations also increases. 

C Logical Key Hierarchy [LKH] 

Perrig and Kim et al. [3] also use a logical 
key hierarchy to minimize the number of key held 
by group members. The difference here is that 
group members generate the keys in the upper levels 
using the Diffie-Hellman algorithm rather than 
using a one-way function. The key of each node is 
generated from its two children (k : 



kt kr , , 

a modp). 



D Tree Based Group Diffie- Hellman 

Y. Kim, A. Perrig, and G. Tsudik,[4] 
[TGDH] proposed a novel approach to group key 
agreement by blending binary key trees with Diffie- 
Hellman key exchange. The resultant protocol suite 
is very simple, fault-tolerant and secure. We unify 
the following two important trends in group key 
management: 

1) The use of so-called key trees to compute 
efficiently and update group keys. 

2) The use of Diffie-Hellman key exchange hybrids 
to achieve provably secure and fully distributed 
protocols. 
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Figure. 1: Model of AGPM 

A Authentication through Transitive scheme 

In this section, we introduce transitive 
signature scheme to authenticate the nodes at route 
discovery phase. It was originally used to 
dynamically build an authenticated graph, edge by 
edge. The signer, having secret key sk and public 
key pk, can at any time pick a pair i, j of nodes and 
create a signature of {i,j}, thereby adding edge {/, 
j} to the graph. 

In addition, given a signature of an edge {/, 
j} and a signature of an edge {/', k\, anyone in 
possession of the public key can create a signature 
of the edge {;', k}. 

Setup 

Each node in the network agrees with the following 
parameters: 

- Large prime p and q such that q divides p-1 

- Two generates g and h of subgroup Gq of order 
qCZp* such that the base-g logarithm of 

h modular p is infeasible for others to compute. 

Then each node w, does the following: 

1 . Randomly choose two values X; and yj from 

Zp*; 

Compute a; = x t mod q and (3; = yi mod q; 

Compute v,- = g x ;h y ; mod p; 

Broadcast a t and Pj to node's neighbors. 

Upon the receipt of (Xj and Pj from each 

neighbor, node ;' compute: 
a,j = Xj -Xj mod q 
and Py =y t -y t mod q 
6. Node i records in its memory the quadruple: 

(V„ Vj, Oy, Py) 

Sign 
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To sign the path between node A and node 
B, node B must have received a A , Pa , and v A from 
node A. Then node B computes the signature as: 
a ab = Xa ~xb mod q and 
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PAB=yA-yBmodq 
Node B publishes the quadruple as the signature: 

(v A , v b , ,<x A b, Pab) 
Verify 

Any node can verify the previous signature 
by checking: 

V A =VBg a ABh p ABmod q 

Path Composing 

When the next hop node C receives the 
signature between node A and node B, it first 
verifies the validity of the signature in order to 
ensure that node B does have an active route 
towards node A. Then node C generates a transitive 
signature over the received one so as to incorporate 
itself into the path. 

Given signature (v A , v B , a A B, Pab), node C 
retrieves the quadruple (v B , v c , a B c, Pbc) and 
computes the new transitive signature (v^, v c , asc, 
Pac) as: 

a ac = a ab - a B c mod q and 
= x A _ x c mod q 

Pac = Pab -Pbc mod q and 
= y A _y c modq 
The signature for the path from node A to node C is: 

(Va,V C ,U AC, P AC) 

The use of the transitive signature scheme to 
enable the route aggregation has one big benefit. It 
enables the authentication of both originator and 
gratuitous replier in one signature. In delegation by 
warrant, the token is signed with the routing packet 
by the gratuitous replier. Thus, the authentication of 
the gratuitous replier has to be done by verifying the 
conventional signature, and the token which is 
signed using conventional signature scheme has to 
be verified at the same cost. By using transitive 
signatures, the originator and replier can be 
authenticated at the same time. However, the use of 
the transitive signature scheme to enable gratuitous 
reply authentication requires the cost of exchanging 
public key quadruples and computing the path 
signatures between neighboring nodes. It is 
considered to be the major drawback of this 
application. 

B Interval-Based Distributed Rekeying Algorithms 

Interval-based rekeying algorithm proposes that 
rekeying is done at equal intervals instead of each 
leave and join operation. 

Notations 



(M J ! M J j) wish to join the group within a 

rekeying interval. 

Rebuild Algorithm 

At the beginning of every rekeying 
interval, we reconstruct the whole key tree with all 
existing members that remain in the communication 
group, together with the newly joining members. 
The resulting tree is a left-complete tree. The 
pseudo-code of the Rebuild algorithm to be 
performed by every member in the group. 




Figure. 2: Example for Rebuild 

Rebuild (T, M j , J, M 1 , L) 

1 . Get all members from T and store them in 
M' 

2. Remove the L leaving members in M 
From M' 

3. Add the J new members in M J to M' 

4. Create a new binary tree T' based on 
members in M' and set T = T' 

5. Select all members to be sponsors 

6. Rekey renewed nodes and broadcast new 
blinded keys in T 

Figure. 2 shows the scenario where 
members M2, M5, and M7 wish to leave and a new 
member M8 wishes to join the communication 
group. Based on the algorithm, the resulting key tree 
consists of five members and has all non-leaf nodes 
renewed. Besides, the sponsors include all the five 
members. 

C Performance evaluation 

The above protocol (AGPM) is 
implemented in ns2 simulator. We evaluate the 
performance of the interval based algorithm in 
simulation based experiment. We study their 
performance in more general setting and also 
compare the performance of our protocols with 
other approach specified in the related works. 



Let T denote the existing key tree. Assume 

that L >= existing members M 1 = (M\ M' L ) 

wish to leave and J >= new members M J = 
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Figure. 3: Comparison of join operations with 
other protocols 

The above figure shows the performance of 
protocol AGPM with other protocols. The y axis 
shows the time taken to generate the group key and 
x axis shows the number of members participated in 
the group key generation. The time taken is normal 
when the size of the group size increases. 
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Figure. 4: Comparison of leave operation with 
other protocols 

The above figure shows the time taken to 
reconstruct the group key when the node leaves the 
group is directly proportional to the size of the 
group members. 

COMPARISON WITH OTHER PROTOCOL 




---GDH 

TGDH 
AGPM 

-a- STR 



50 100 150 200 250 300 350 400 
Rekeying Intervals 



Figure. 5: Comparison with rekeying operation 
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The above figure shows the no. of nodes changed 
during the rekeying operation, ie, the time for 
rekeying increases gradually with respect to the size 
of members in the group. 

IV. Conclusion 

This paper presents a novel scheme to implement 
AODV routing protocol for secure group 
communication. It uses an efficient way of 
authenticating the nodes in the route discovery 
process using transitive signature scheme. The 
collaborative group key is generated by TDGH and 
the rekeying is done in an interval based scheme. 
The performance of the above protocol shows that 
the data transferred between the group members is 
secured. 
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